summaryrefslogtreecommitdiffstats
path: root/plugins/sudoers/gram.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/sudoers/gram.c')
-rw-r--r--plugins/sudoers/gram.c2300
1 files changed, 2300 insertions, 0 deletions
diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c
new file mode 100644
index 0000000..fff971b
--- /dev/null
+++ b/plugins/sudoers/gram.c
@@ -0,0 +1,2300 @@
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include <config.h>
+#include <stdlib.h>
+#include <string.h>
+#define YYBYACC 1
+#define YYMAJOR 1
+#define YYMINOR 9
+#define YYLEX yylex()
+#define YYEMPTY -1
+#define yyclearin (yychar=(YYEMPTY))
+#define yyerrok (yyerrflag=0)
+#define YYRECOVERING() (yyerrflag!=0)
+#define yyparse sudoersparse
+#define yylex sudoerslex
+#define yyerror sudoerserror
+#define yychar sudoerschar
+#define yyval sudoersval
+#define yylval sudoerslval
+#define yydebug sudoersdebug
+#define yynerrs sudoersnerrs
+#define yyerrflag sudoerserrflag
+#define yyss sudoersss
+#define yysslim sudoerssslim
+#define yyssp sudoersssp
+#define yyvs sudoersvs
+#define yyvsp sudoersvsp
+#define yystacksize sudoersstacksize
+#define yylhs sudoerslhs
+#define yylen sudoerslen
+#define yydefred sudoersdefred
+#define yydgoto sudoersdgoto
+#define yysindex sudoerssindex
+#define yyrindex sudoersrindex
+#define yygindex sudoersgindex
+#define yytable sudoerstable
+#define yycheck sudoerscheck
+#define yyname sudoersname
+#define yyrule sudoersrule
+#define YYPREFIX "sudoers"
+#line 2 "gram.y"
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2013, 2014-2018
+ * Todd C. Miller <Todd.Miller@sudo.ws>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <unistd.h>
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
+#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
+# include <alloca.h>
+#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
+#include <errno.h>
+
+#include "sudoers.h"
+#include "sudo_digest.h"
+#include "toke.h"
+
+/* If we last saw a newline the entry is on the preceding line. */
+#define this_lineno (last_token == COMMENT ? sudolineno - 1 : sudolineno)
+
+/*
+ * Globals
+ */
+bool sudoers_warnings = true;
+bool parse_error = false;
+int errorlineno = -1;
+char *errorfile = NULL;
+
+struct sudoers_parse_tree parsed_policy = {
+ TAILQ_HEAD_INITIALIZER(parsed_policy.userspecs),
+ TAILQ_HEAD_INITIALIZER(parsed_policy.defaults),
+ NULL /* aliases */
+};
+
+/*
+ * Local protoypes
+ */
+static void init_options(struct command_options *opts);
+static bool add_defaults(int, struct member *, struct defaults *);
+static bool add_userspec(struct member *, struct privilege *);
+static struct defaults *new_default(char *, char *, short);
+static struct member *new_member(char *, int);
+static struct command_digest *new_digest(int, char *);
+#line 78 "gram.y"
+#ifndef YYSTYPE_DEFINED
+#define YYSTYPE_DEFINED
+typedef union {
+ struct cmndspec *cmndspec;
+ struct defaults *defaults;
+ struct member *member;
+ struct runascontainer *runas;
+ struct privilege *privilege;
+ struct command_digest *digest;
+ struct sudo_command command;
+ struct command_options options;
+ struct cmndtag tag;
+ char *string;
+ int tok;
+} YYSTYPE;
+#endif /* YYSTYPE_DEFINED */
+#line 131 "gram.c"
+#define COMMAND 257
+#define ALIAS 258
+#define DEFVAR 259
+#define NTWKADDR 260
+#define NETGROUP 261
+#define USERGROUP 262
+#define WORD 263
+#define DIGEST 264
+#define DEFAULTS 265
+#define DEFAULTS_HOST 266
+#define DEFAULTS_USER 267
+#define DEFAULTS_RUNAS 268
+#define DEFAULTS_CMND 269
+#define NOPASSWD 270
+#define PASSWD 271
+#define NOEXEC 272
+#define EXEC 273
+#define SETENV 274
+#define NOSETENV 275
+#define LOG_INPUT 276
+#define NOLOG_INPUT 277
+#define LOG_OUTPUT 278
+#define NOLOG_OUTPUT 279
+#define MAIL 280
+#define NOMAIL 281
+#define FOLLOW 282
+#define NOFOLLOW 283
+#define ALL 284
+#define COMMENT 285
+#define HOSTALIAS 286
+#define CMNDALIAS 287
+#define USERALIAS 288
+#define RUNASALIAS 289
+#define ERROR 290
+#define TYPE 291
+#define ROLE 292
+#define PRIVS 293
+#define LIMITPRIVS 294
+#define CMND_TIMEOUT 295
+#define NOTBEFORE 296
+#define NOTAFTER 297
+#define MYSELF 298
+#define SHA224_TOK 299
+#define SHA256_TOK 300
+#define SHA384_TOK 301
+#define SHA512_TOK 302
+#define YYERRCODE 256
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoerslhs[] =
+#else
+short sudoerslhs[] =
+#endif
+ { -1,
+ 0, 0, 32, 32, 33, 33, 33, 33, 33, 33,
+ 33, 33, 33, 33, 33, 33, 4, 4, 3, 3,
+ 3, 3, 3, 21, 21, 20, 11, 11, 9, 9,
+ 9, 9, 9, 2, 2, 1, 31, 31, 31, 31,
+ 7, 7, 6, 6, 28, 29, 30, 24, 25, 26,
+ 27, 18, 18, 19, 19, 19, 19, 19, 23, 23,
+ 23, 23, 23, 23, 23, 23, 22, 22, 22, 22,
+ 22, 22, 22, 22, 22, 22, 22, 22, 22, 22,
+ 22, 5, 5, 5, 35, 35, 38, 10, 10, 36,
+ 36, 39, 8, 8, 37, 37, 40, 34, 34, 41,
+ 14, 14, 12, 12, 13, 13, 13, 13, 13, 17,
+ 17, 15, 15, 16, 16, 16,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoerslen[] =
+#else
+short sudoerslen[] =
+#endif
+ { 2,
+ 0, 1, 1, 2, 1, 2, 2, 2, 2, 2,
+ 2, 2, 3, 3, 3, 3, 1, 3, 1, 2,
+ 3, 3, 3, 1, 3, 3, 1, 2, 1, 1,
+ 1, 1, 1, 1, 3, 4, 3, 3, 3, 3,
+ 1, 2, 1, 2, 3, 3, 3, 3, 3, 3,
+ 3, 0, 3, 0, 1, 3, 2, 1, 0, 2,
+ 2, 2, 2, 2, 2, 2, 0, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 1, 1, 1, 1, 3, 3, 1, 3, 1,
+ 3, 3, 1, 3, 1, 3, 3, 1, 3, 3,
+ 1, 3, 1, 2, 1, 1, 1, 1, 1, 1,
+ 3, 1, 2, 1, 1, 1,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoersdefred[] =
+#else
+short sudoersdefred[] =
+#endif
+ { 0,
+ 0, 105, 107, 108, 109, 0, 0, 0, 0, 0,
+ 106, 5, 0, 0, 0, 0, 0, 0, 101, 103,
+ 0, 0, 3, 6, 0, 0, 17, 0, 29, 32,
+ 31, 33, 30, 0, 27, 0, 88, 0, 0, 84,
+ 83, 82, 0, 0, 0, 0, 0, 43, 41, 93,
+ 0, 0, 0, 0, 85, 0, 0, 90, 0, 0,
+ 98, 0, 0, 95, 104, 0, 0, 24, 0, 4,
+ 0, 0, 0, 20, 0, 28, 0, 0, 0, 0,
+ 44, 0, 0, 0, 0, 0, 0, 42, 0, 0,
+ 0, 0, 0, 0, 0, 0, 102, 0, 0, 21,
+ 22, 23, 18, 89, 37, 38, 39, 40, 94, 0,
+ 86, 0, 91, 0, 99, 0, 96, 0, 34, 0,
+ 59, 25, 0, 0, 0, 0, 0, 114, 116, 115,
+ 0, 110, 112, 0, 0, 53, 35, 0, 0, 0,
+ 0, 0, 0, 0, 0, 63, 64, 65, 66, 62,
+ 60, 61, 113, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 68, 69, 70, 71, 72, 73, 74, 75,
+ 76, 77, 80, 81, 78, 79, 36, 111, 49, 48,
+ 50, 51, 45, 46, 47,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoersdgoto[] =
+#else
+short sudoersdgoto[] =
+#endif
+ { 18,
+ 119, 120, 27, 28, 48, 49, 50, 51, 35, 67,
+ 37, 19, 20, 21, 132, 133, 134, 121, 125, 68,
+ 69, 145, 127, 146, 147, 148, 149, 150, 151, 152,
+ 52, 22, 23, 60, 54, 57, 63, 55, 58, 64,
+ 61,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoerssindex[] =
+#else
+short sudoerssindex[] =
+#endif
+ { 512,
+ -272, 0, 0, 0, 0, -23, 227, -19, -19, -5,
+ 0, 0, -239, -236, -234, -232, -231, 0, 0, 0,
+ -33, 512, 0, 0, -3, -220, 0, 3, 0, 0,
+ 0, 0, 0, -225, 0, -28, 0, -24, -24, 0,
+ 0, 0, -240, -15, -8, 2, 4, 0, 0, 0,
+ -21, -12, -9, 6, 0, 7, 12, 0, 10, 14,
+ 0, 13, 25, 0, 0, -19, -36, 0, 26, 0,
+ -208, -202, -198, 0, -23, 0, 227, 3, 3, 3,
+ 0, -179, -178, -174, -173, -5, 3, 0, 227, -239,
+ -5, -236, -19, -234, -19, -232, 0, 52, 227, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 50,
+ 0, 51, 0, 54, 0, 54, 0, -29, 0, 55,
+ 0, 0, 289, -7, 59, 52, -216, 0, 0, 0,
+ -217, 0, 0, 57, 289, 0, 0, 32, 41, 42,
+ 43, 44, 45, 47, 450, 0, 0, 0, 0, 0,
+ 0, 0, 0, 289, 57, -154, -153, -150, -149, -148,
+ -147, -146, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoersrindex[] =
+#else
+short sudoersrindex[] =
+#endif
+ { 118,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 119, 0, 0, 1, 0, 0, 145, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 159, 0, 0, 193, 0, 0, 207,
+ 0, 0, 241, 0, 0, 0, 0, 0, 275, 0,
+ 0, 0, 0, 0, 0, 0, 0, 309, 323, 357,
+ 0, 0, 0, 0, 0, 0, 371, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 404, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 15,
+ 0, 49, 0, 63, 0, 97, 0, 79, 0, 111,
+ 0, 0, 81, 82, 0, 404, 483, 0, 0, 0,
+ 0, 0, 0, 83, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 84, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoersgindex[] =
+#else
+short sudoersgindex[] =
+#endif
+ { 0,
+ 5, 0, 53, 18, 86, 74, -79, 36, 98, -1,
+ 56, 68, 120, -6, -18, 8, 11, 0, 0, 39,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 113, 0, 0, 0, 0, 58, 48, 46,
+ 60,
+};
+#define YYTABLESIZE 801
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoerstable[] =
+#else
+short sudoerstable[] =
+#endif
+ { 34,
+ 19, 38, 39, 17, 26, 36, 109, 77, 26, 26,
+ 66, 26, 24, 17, 87, 77, 40, 41, 53, 66,
+ 43, 56, 86, 59, 98, 62, 2, 43, 123, 3,
+ 4, 5, 29, 19, 30, 31, 66, 32, 74, 72,
+ 128, 73, 82, 42, 19, 129, 75, 87, 92, 83,
+ 135, 89, 11, 78, 100, 79, 80, 71, 33, 84,
+ 101, 85, 100, 90, 102, 177, 130, 91, 87, 92,
+ 93, 94, 87, 95, 138, 139, 140, 141, 142, 143,
+ 144, 92, 96, 99, 105, 106, 114, 110, 116, 107,
+ 108, 118, 156, 77, 86, 100, 97, 66, 126, 136,
+ 154, 157, 158, 159, 160, 161, 92, 162, 179, 180,
+ 26, 124, 181, 182, 183, 184, 185, 1, 2, 54,
+ 100, 58, 55, 57, 56, 88, 112, 103, 81, 97,
+ 137, 76, 104, 97, 70, 178, 65, 122, 153, 113,
+ 0, 117, 0, 26, 12, 155, 0, 111, 0, 0,
+ 0, 0, 0, 115, 97, 0, 0, 0, 9, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 26, 0,
+ 0, 0, 0, 0, 0, 0, 0, 12, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 9, 10, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 8, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 29, 10, 30, 31, 2, 32,
+ 25, 3, 4, 5, 25, 25, 0, 25, 2, 8,
+ 11, 3, 4, 5, 40, 41, 0, 0, 0, 0,
+ 33, 40, 41, 0, 11, 0, 19, 0, 19, 34,
+ 0, 19, 19, 19, 11, 19, 19, 19, 19, 19,
+ 87, 42, 87, 11, 7, 87, 87, 87, 42, 87,
+ 87, 87, 87, 87, 19, 19, 19, 19, 19, 19,
+ 0, 0, 0, 44, 45, 46, 47, 0, 87, 87,
+ 87, 87, 87, 87, 92, 0, 92, 7, 15, 92,
+ 92, 92, 0, 92, 92, 92, 92, 92, 100, 0,
+ 100, 131, 13, 100, 100, 100, 0, 100, 100, 100,
+ 100, 100, 92, 92, 92, 92, 92, 92, 0, 0,
+ 0, 15, 0, 0, 0, 0, 100, 100, 100, 100,
+ 100, 100, 97, 0, 97, 13, 14, 97, 97, 97,
+ 0, 97, 97, 97, 97, 97, 26, 0, 26, 0,
+ 16, 26, 26, 26, 0, 26, 26, 26, 26, 26,
+ 97, 97, 97, 97, 97, 97, 0, 0, 0, 14,
+ 0, 0, 0, 0, 26, 26, 26, 26, 26, 26,
+ 12, 0, 12, 16, 0, 12, 12, 12, 0, 12,
+ 12, 12, 12, 12, 9, 0, 9, 0, 0, 9,
+ 9, 9, 0, 9, 9, 9, 9, 9, 12, 12,
+ 12, 12, 12, 12, 0, 0, 52, 0, 0, 0,
+ 0, 0, 9, 9, 9, 9, 9, 9, 10, 0,
+ 10, 0, 0, 10, 10, 10, 0, 10, 10, 10,
+ 10, 10, 8, 0, 8, 0, 0, 8, 8, 8,
+ 0, 8, 8, 8, 8, 8, 10, 10, 10, 10,
+ 10, 10, 43, 0, 29, 0, 30, 31, 0, 32,
+ 8, 8, 8, 8, 8, 8, 11, 0, 11, 0,
+ 0, 11, 11, 11, 0, 11, 11, 11, 11, 11,
+ 33, 0, 0, 0, 0, 67, 0, 0, 0, 0,
+ 0, 0, 0, 0, 11, 11, 11, 11, 11, 11,
+ 7, 0, 7, 0, 0, 7, 7, 7, 0, 7,
+ 7, 7, 7, 7, 17, 0, 128, 0, 0, 0,
+ 0, 129, 0, 0, 0, 0, 0, 0, 7, 7,
+ 7, 7, 7, 7, 15, 0, 15, 0, 0, 15,
+ 15, 15, 130, 15, 15, 15, 15, 15, 13, 0,
+ 13, 0, 0, 13, 13, 13, 0, 13, 13, 13,
+ 13, 13, 15, 15, 15, 15, 15, 15, 0, 0,
+ 0, 0, 0, 0, 0, 0, 13, 13, 13, 13,
+ 13, 13, 14, 0, 14, 0, 0, 14, 14, 14,
+ 0, 14, 14, 14, 14, 14, 16, 0, 16, 0,
+ 0, 16, 16, 16, 0, 16, 16, 16, 16, 16,
+ 14, 14, 14, 14, 14, 14, 0, 0, 0, 0,
+ 0, 0, 0, 0, 16, 16, 16, 16, 16, 16,
+ 52, 52, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 52, 52, 52, 52, 52, 52, 52,
+ 52, 52, 52, 52, 52, 52, 52, 52, 0, 0,
+ 0, 0, 0, 0, 52, 52, 52, 52, 52, 52,
+ 52, 0, 52, 52, 52, 52, 40, 41, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 163,
+ 164, 165, 166, 167, 168, 169, 170, 171, 172, 173,
+ 174, 175, 176, 42, 0, 0, 0, 0, 0, 67,
+ 67, 0, 0, 0, 0, 0, 0, 0, 44, 45,
+ 46, 47, 67, 67, 67, 67, 67, 67, 67, 67,
+ 67, 67, 67, 67, 67, 67, 67, 1, 0, 2,
+ 0, 0, 3, 4, 5, 0, 6, 7, 8, 9,
+ 10, 67, 67, 67, 67, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 11, 12, 13, 14, 15,
+ 16,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short sudoerscheck[] =
+#else
+short sudoerscheck[] =
+#endif
+ { 33,
+ 0, 8, 9, 33, 33, 7, 86, 44, 33, 33,
+ 44, 33, 285, 33, 0, 44, 257, 258, 258, 44,
+ 33, 258, 44, 258, 61, 258, 258, 33, 58, 261,
+ 262, 263, 258, 33, 260, 261, 44, 263, 259, 43,
+ 258, 45, 58, 284, 44, 263, 44, 33, 0, 58,
+ 58, 61, 284, 36, 263, 38, 39, 61, 284, 58,
+ 263, 58, 0, 58, 263, 145, 284, 61, 51, 58,
+ 61, 58, 58, 61, 291, 292, 293, 294, 295, 296,
+ 297, 33, 58, 58, 264, 264, 93, 89, 95, 264,
+ 264, 40, 61, 44, 44, 33, 0, 44, 44, 41,
+ 44, 61, 61, 61, 61, 61, 58, 61, 263, 263,
+ 0, 118, 263, 263, 263, 263, 263, 0, 0, 41,
+ 58, 41, 41, 41, 41, 52, 91, 75, 43, 33,
+ 126, 34, 77, 66, 22, 154, 17, 99, 131, 92,
+ -1, 96, -1, 33, 0, 135, -1, 90, -1, -1,
+ -1, -1, -1, 94, 58, -1, -1, -1, 0, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, 58, -1,
+ -1, -1, -1, -1, -1, -1, -1, 33, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, 33, 0, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, 0, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, 258, 33, 260, 261, 258, 263,
+ 259, 261, 262, 263, 259, 259, -1, 259, 258, 33,
+ 0, 261, 262, 263, 257, 258, -1, -1, -1, -1,
+ 284, 257, 258, -1, 284, -1, 256, -1, 258, 33,
+ -1, 261, 262, 263, 284, 265, 266, 267, 268, 269,
+ 256, 284, 258, 33, 0, 261, 262, 263, 284, 265,
+ 266, 267, 268, 269, 284, 285, 286, 287, 288, 289,
+ -1, -1, -1, 299, 300, 301, 302, -1, 284, 285,
+ 286, 287, 288, 289, 256, -1, 258, 33, 0, 261,
+ 262, 263, -1, 265, 266, 267, 268, 269, 256, -1,
+ 258, 33, 0, 261, 262, 263, -1, 265, 266, 267,
+ 268, 269, 284, 285, 286, 287, 288, 289, -1, -1,
+ -1, 33, -1, -1, -1, -1, 284, 285, 286, 287,
+ 288, 289, 256, -1, 258, 33, 0, 261, 262, 263,
+ -1, 265, 266, 267, 268, 269, 256, -1, 258, -1,
+ 0, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ 284, 285, 286, 287, 288, 289, -1, -1, -1, 33,
+ -1, -1, -1, -1, 284, 285, 286, 287, 288, 289,
+ 256, -1, 258, 33, -1, 261, 262, 263, -1, 265,
+ 266, 267, 268, 269, 256, -1, 258, -1, -1, 261,
+ 262, 263, -1, 265, 266, 267, 268, 269, 284, 285,
+ 286, 287, 288, 289, -1, -1, 33, -1, -1, -1,
+ -1, -1, 284, 285, 286, 287, 288, 289, 256, -1,
+ 258, -1, -1, 261, 262, 263, -1, 265, 266, 267,
+ 268, 269, 256, -1, 258, -1, -1, 261, 262, 263,
+ -1, 265, 266, 267, 268, 269, 284, 285, 286, 287,
+ 288, 289, 33, -1, 258, -1, 260, 261, -1, 263,
+ 284, 285, 286, 287, 288, 289, 256, -1, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ 284, -1, -1, -1, -1, 33, -1, -1, -1, -1,
+ -1, -1, -1, -1, 284, 285, 286, 287, 288, 289,
+ 256, -1, 258, -1, -1, 261, 262, 263, -1, 265,
+ 266, 267, 268, 269, 33, -1, 258, -1, -1, -1,
+ -1, 263, -1, -1, -1, -1, -1, -1, 284, 285,
+ 286, 287, 288, 289, 256, -1, 258, -1, -1, 261,
+ 262, 263, 284, 265, 266, 267, 268, 269, 256, -1,
+ 258, -1, -1, 261, 262, 263, -1, 265, 266, 267,
+ 268, 269, 284, 285, 286, 287, 288, 289, -1, -1,
+ -1, -1, -1, -1, -1, -1, 284, 285, 286, 287,
+ 288, 289, 256, -1, 258, -1, -1, 261, 262, 263,
+ -1, 265, 266, 267, 268, 269, 256, -1, 258, -1,
+ -1, 261, 262, 263, -1, 265, 266, 267, 268, 269,
+ 284, 285, 286, 287, 288, 289, -1, -1, -1, -1,
+ -1, -1, -1, -1, 284, 285, 286, 287, 288, 289,
+ 257, 258, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, 270, 271, 272, 273, 274, 275, 276,
+ 277, 278, 279, 280, 281, 282, 283, 284, -1, -1,
+ -1, -1, -1, -1, 291, 292, 293, 294, 295, 296,
+ 297, -1, 299, 300, 301, 302, 257, 258, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 270,
+ 271, 272, 273, 274, 275, 276, 277, 278, 279, 280,
+ 281, 282, 283, 284, -1, -1, -1, -1, -1, 257,
+ 258, -1, -1, -1, -1, -1, -1, -1, 299, 300,
+ 301, 302, 270, 271, 272, 273, 274, 275, 276, 277,
+ 278, 279, 280, 281, 282, 283, 284, 256, -1, 258,
+ -1, -1, 261, 262, 263, -1, 265, 266, 267, 268,
+ 269, 299, 300, 301, 302, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, 284, 285, 286, 287, 288,
+ 289,
+};
+#define YYFINAL 18
+#ifndef YYDEBUG
+#define YYDEBUG 0
+#endif
+#define YYMAXTOKEN 302
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const sudoersname[] =
+#else
+char *sudoersname[] =
+#endif
+ {
+"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+"'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
+0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DIGEST",
+"DEFAULTS","DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND",
+"NOPASSWD","PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT",
+"NOLOG_INPUT","LOG_OUTPUT","NOLOG_OUTPUT","MAIL","NOMAIL","FOLLOW","NOFOLLOW",
+"ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS","RUNASALIAS","ERROR","TYPE",
+"ROLE","PRIVS","LIMITPRIVS","CMND_TIMEOUT","NOTBEFORE","NOTAFTER","MYSELF",
+"SHA224_TOK","SHA256_TOK","SHA384_TOK","SHA512_TOK",
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const sudoersrule[] =
+#else
+char *sudoersrule[] =
+#endif
+ {"$accept : file",
+"file :",
+"file : line",
+"line : entry",
+"line : line entry",
+"entry : COMMENT",
+"entry : error COMMENT",
+"entry : userlist privileges",
+"entry : USERALIAS useraliases",
+"entry : HOSTALIAS hostaliases",
+"entry : CMNDALIAS cmndaliases",
+"entry : RUNASALIAS runasaliases",
+"entry : DEFAULTS defaults_list",
+"entry : DEFAULTS_USER userlist defaults_list",
+"entry : DEFAULTS_RUNAS userlist defaults_list",
+"entry : DEFAULTS_HOST hostlist defaults_list",
+"entry : DEFAULTS_CMND cmndlist defaults_list",
+"defaults_list : defaults_entry",
+"defaults_list : defaults_list ',' defaults_entry",
+"defaults_entry : DEFVAR",
+"defaults_entry : '!' DEFVAR",
+"defaults_entry : DEFVAR '=' WORD",
+"defaults_entry : DEFVAR '+' WORD",
+"defaults_entry : DEFVAR '-' WORD",
+"privileges : privilege",
+"privileges : privileges ':' privilege",
+"privilege : hostlist '=' cmndspeclist",
+"ophost : host",
+"ophost : '!' host",
+"host : ALIAS",
+"host : ALL",
+"host : NETGROUP",
+"host : NTWKADDR",
+"host : WORD",
+"cmndspeclist : cmndspec",
+"cmndspeclist : cmndspeclist ',' cmndspec",
+"cmndspec : runasspec options cmndtag digcmnd",
+"digest : SHA224_TOK ':' DIGEST",
+"digest : SHA256_TOK ':' DIGEST",
+"digest : SHA384_TOK ':' DIGEST",
+"digest : SHA512_TOK ':' DIGEST",
+"digcmnd : opcmnd",
+"digcmnd : digest opcmnd",
+"opcmnd : cmnd",
+"opcmnd : '!' cmnd",
+"timeoutspec : CMND_TIMEOUT '=' WORD",
+"notbeforespec : NOTBEFORE '=' WORD",
+"notafterspec : NOTAFTER '=' WORD",
+"rolespec : ROLE '=' WORD",
+"typespec : TYPE '=' WORD",
+"privsspec : PRIVS '=' WORD",
+"limitprivsspec : LIMITPRIVS '=' WORD",
+"runasspec :",
+"runasspec : '(' runaslist ')'",
+"runaslist :",
+"runaslist : userlist",
+"runaslist : userlist ':' grouplist",
+"runaslist : ':' grouplist",
+"runaslist : ':'",
+"options :",
+"options : options notbeforespec",
+"options : options notafterspec",
+"options : options timeoutspec",
+"options : options rolespec",
+"options : options typespec",
+"options : options privsspec",
+"options : options limitprivsspec",
+"cmndtag :",
+"cmndtag : cmndtag NOPASSWD",
+"cmndtag : cmndtag PASSWD",
+"cmndtag : cmndtag NOEXEC",
+"cmndtag : cmndtag EXEC",
+"cmndtag : cmndtag SETENV",
+"cmndtag : cmndtag NOSETENV",
+"cmndtag : cmndtag LOG_INPUT",
+"cmndtag : cmndtag NOLOG_INPUT",
+"cmndtag : cmndtag LOG_OUTPUT",
+"cmndtag : cmndtag NOLOG_OUTPUT",
+"cmndtag : cmndtag FOLLOW",
+"cmndtag : cmndtag NOFOLLOW",
+"cmndtag : cmndtag MAIL",
+"cmndtag : cmndtag NOMAIL",
+"cmnd : ALL",
+"cmnd : ALIAS",
+"cmnd : COMMAND",
+"hostaliases : hostalias",
+"hostaliases : hostaliases ':' hostalias",
+"hostalias : ALIAS '=' hostlist",
+"hostlist : ophost",
+"hostlist : hostlist ',' ophost",
+"cmndaliases : cmndalias",
+"cmndaliases : cmndaliases ':' cmndalias",
+"cmndalias : ALIAS '=' cmndlist",
+"cmndlist : digcmnd",
+"cmndlist : cmndlist ',' digcmnd",
+"runasaliases : runasalias",
+"runasaliases : runasaliases ':' runasalias",
+"runasalias : ALIAS '=' userlist",
+"useraliases : useralias",
+"useraliases : useraliases ':' useralias",
+"useralias : ALIAS '=' userlist",
+"userlist : opuser",
+"userlist : userlist ',' opuser",
+"opuser : user",
+"opuser : '!' user",
+"user : ALIAS",
+"user : ALL",
+"user : NETGROUP",
+"user : USERGROUP",
+"user : WORD",
+"grouplist : opgroup",
+"grouplist : grouplist ',' opgroup",
+"opgroup : group",
+"opgroup : '!' group",
+"group : ALIAS",
+"group : ALL",
+"group : WORD",
+};
+#endif
+#ifdef YYSTACKSIZE
+#undef YYMAXDEPTH
+#define YYMAXDEPTH YYSTACKSIZE
+#else
+#ifdef YYMAXDEPTH
+#define YYSTACKSIZE YYMAXDEPTH
+#else
+#define YYSTACKSIZE 10000
+#define YYMAXDEPTH 10000
+#endif
+#endif
+#define YYINITSTACKSIZE 200
+/* LINTUSED */
+int yydebug;
+int yynerrs;
+int yyerrflag;
+int yychar;
+short *yyssp;
+YYSTYPE *yyvsp;
+YYSTYPE yyval;
+YYSTYPE yylval;
+short *yyss;
+short *yysslim;
+YYSTYPE *yyvs;
+unsigned int yystacksize;
+int yyparse(void);
+#line 904 "gram.y"
+void
+sudoerserror(const char *s)
+{
+ debug_decl(sudoerserror, SUDOERS_DEBUG_PARSER)
+
+ /* Save the line the first error occurred on. */
+ if (errorlineno == -1) {
+ errorlineno = this_lineno;
+ rcstr_delref(errorfile);
+ errorfile = rcstr_addref(sudoers);
+ }
+ if (sudoers_warnings && s != NULL) {
+ LEXTRACE("<*> ");
+#ifndef TRACELEXER
+ if (trace_print == NULL || trace_print == sudoers_trace_print) {
+ const char fmt[] = ">>> %s: %s near line %d <<<\n";
+ int oldlocale;
+
+ /* Warnings are displayed in the user's locale. */
+ sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale);
+ sudo_printf(SUDO_CONV_ERROR_MSG, _(fmt), sudoers, _(s), this_lineno);
+ sudoers_setlocale(oldlocale, NULL);
+ }
+#endif
+ }
+ parse_error = true;
+ debug_return;
+}
+
+static struct defaults *
+new_default(char *var, char *val, short op)
+{
+ struct defaults *d;
+ debug_decl(new_default, SUDOERS_DEBUG_PARSER)
+
+ if ((d = calloc(1, sizeof(struct defaults))) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to allocate memory");
+ debug_return_ptr(NULL);
+ }
+
+ d->var = var;
+ d->val = val;
+ /* d->type = 0; */
+ d->op = op;
+ /* d->binding = NULL */
+ d->lineno = this_lineno;
+ d->file = rcstr_addref(sudoers);
+ HLTQ_INIT(d, entries);
+
+ debug_return_ptr(d);
+}
+
+static struct member *
+new_member(char *name, int type)
+{
+ struct member *m;
+ debug_decl(new_member, SUDOERS_DEBUG_PARSER)
+
+ if ((m = calloc(1, sizeof(struct member))) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to allocate memory");
+ debug_return_ptr(NULL);
+ }
+
+ m->name = name;
+ m->type = type;
+ HLTQ_INIT(m, entries);
+
+ debug_return_ptr(m);
+}
+
+static struct command_digest *
+new_digest(int digest_type, char *digest_str)
+{
+ struct command_digest *digest;
+ debug_decl(new_digest, SUDOERS_DEBUG_PARSER)
+
+ if ((digest = malloc(sizeof(*digest))) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to allocate memory");
+ debug_return_ptr(NULL);
+ }
+
+ digest->digest_type = digest_type;
+ digest->digest_str = digest_str;
+ if (digest->digest_str == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to allocate memory");
+ free(digest);
+ digest = NULL;
+ }
+
+ debug_return_ptr(digest);
+}
+
+/*
+ * Add a list of defaults structures to the defaults list.
+ * The binding, if non-NULL, specifies a list of hosts, users, or
+ * runas users the entries apply to (specified by the type).
+ */
+static bool
+add_defaults(int type, struct member *bmem, struct defaults *defs)
+{
+ struct defaults *d, *next;
+ struct member_list *binding;
+ bool ret = true;
+ debug_decl(add_defaults, SUDOERS_DEBUG_PARSER)
+
+ if (defs != NULL) {
+ /*
+ * We use a single binding for each entry in defs.
+ */
+ if ((binding = malloc(sizeof(*binding))) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to allocate memory");
+ sudoerserror(N_("unable to allocate memory"));
+ debug_return_bool(false);
+ }
+ if (bmem != NULL)
+ HLTQ_TO_TAILQ(binding, bmem, entries);
+ else
+ TAILQ_INIT(binding);
+
+ /*
+ * Set type and binding (who it applies to) for new entries.
+ * Then add to the global defaults list.
+ */
+ HLTQ_FOREACH_SAFE(d, defs, entries, next) {
+ d->type = type;
+ d->binding = binding;
+ TAILQ_INSERT_TAIL(&parsed_policy.defaults, d, entries);
+ }
+ }
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Allocate a new struct userspec, populate it, and insert it at the
+ * end of the userspecs list.
+ */
+static bool
+add_userspec(struct member *members, struct privilege *privs)
+{
+ struct userspec *u;
+ debug_decl(add_userspec, SUDOERS_DEBUG_PARSER)
+
+ if ((u = calloc(1, sizeof(*u))) == NULL) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "unable to allocate memory");
+ debug_return_bool(false);
+ }
+ u->lineno = this_lineno;
+ u->file = rcstr_addref(sudoers);
+ HLTQ_TO_TAILQ(&u->users, members, entries);
+ HLTQ_TO_TAILQ(&u->privileges, privs, entries);
+ STAILQ_INIT(&u->comments);
+ TAILQ_INSERT_TAIL(&parsed_policy.userspecs, u, entries);
+
+ debug_return_bool(true);
+}
+
+/*
+ * Free a member struct and its contents.
+ */
+void
+free_member(struct member *m)
+{
+ debug_decl(free_member, SUDOERS_DEBUG_PARSER)
+
+ if (m->type == COMMAND) {
+ struct sudo_command *c = (struct sudo_command *)m->name;
+ free(c->cmnd);
+ free(c->args);
+ if (c->digest != NULL) {
+ free(c->digest->digest_str);
+ free(c->digest);
+ }
+ }
+ free(m->name);
+ free(m);
+
+ debug_return;
+}
+
+/*
+ * Free a tailq of members but not the struct member_list container itself.
+ */
+void
+free_members(struct member_list *members)
+{
+ struct member *m;
+ debug_decl(free_members, SUDOERS_DEBUG_PARSER)
+
+ while ((m = TAILQ_FIRST(members)) != NULL) {
+ TAILQ_REMOVE(members, m, entries);
+ free_member(m);
+ }
+
+ debug_return;
+}
+
+void
+free_defaults(struct defaults_list *defs)
+{
+ struct member_list *prev_binding = NULL;
+ struct defaults *def;
+ debug_decl(free_defaults, SUDOERS_DEBUG_PARSER)
+
+ while ((def = TAILQ_FIRST(defs)) != NULL) {
+ TAILQ_REMOVE(defs, def, entries);
+ free_default(def, &prev_binding);
+ }
+
+ debug_return;
+}
+
+void
+free_default(struct defaults *def, struct member_list **binding)
+{
+ debug_decl(free_default, SUDOERS_DEBUG_PARSER)
+
+ if (def->binding != *binding) {
+ *binding = def->binding;
+ if (def->binding != NULL) {
+ free_members(def->binding);
+ free(def->binding);
+ }
+ }
+ rcstr_delref(def->file);
+ free(def->var);
+ free(def->val);
+ free(def);
+
+ debug_return;
+}
+
+void
+free_privilege(struct privilege *priv)
+{
+ struct member_list *runasuserlist = NULL, *runasgrouplist = NULL;
+ struct member_list *prev_binding = NULL;
+ struct cmndspec *cs;
+ struct defaults *def;
+#ifdef HAVE_SELINUX
+ char *role = NULL, *type = NULL;
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_PRIV_SET
+ char *privs = NULL, *limitprivs = NULL;
+#endif /* HAVE_PRIV_SET */
+ debug_decl(free_privilege, SUDOERS_DEBUG_PARSER)
+
+ free(priv->ldap_role);
+ free_members(&priv->hostlist);
+ while ((cs = TAILQ_FIRST(&priv->cmndlist)) != NULL) {
+ TAILQ_REMOVE(&priv->cmndlist, cs, entries);
+#ifdef HAVE_SELINUX
+ /* Only free the first instance of a role/type. */
+ if (cs->role != role) {
+ role = cs->role;
+ free(cs->role);
+ }
+ if (cs->type != type) {
+ type = cs->type;
+ free(cs->type);
+ }
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_PRIV_SET
+ /* Only free the first instance of privs/limitprivs. */
+ if (cs->privs != privs) {
+ privs = cs->privs;
+ free(cs->privs);
+ }
+ if (cs->limitprivs != limitprivs) {
+ limitprivs = cs->limitprivs;
+ free(cs->limitprivs);
+ }
+#endif /* HAVE_PRIV_SET */
+ /* Only free the first instance of runas user/group lists. */
+ if (cs->runasuserlist && cs->runasuserlist != runasuserlist) {
+ runasuserlist = cs->runasuserlist;
+ free_members(runasuserlist);
+ free(runasuserlist);
+ }
+ if (cs->runasgrouplist && cs->runasgrouplist != runasgrouplist) {
+ runasgrouplist = cs->runasgrouplist;
+ free_members(runasgrouplist);
+ free(runasgrouplist);
+ }
+ free_member(cs->cmnd);
+ free(cs);
+ }
+ while ((def = TAILQ_FIRST(&priv->defaults)) != NULL) {
+ TAILQ_REMOVE(&priv->defaults, def, entries);
+ free_default(def, &prev_binding);
+ }
+ free(priv);
+
+ debug_return;
+}
+
+void
+free_userspecs(struct userspec_list *usl)
+{
+ struct userspec *us;
+ debug_decl(free_userspecs, SUDOERS_DEBUG_PARSER)
+
+ while ((us = TAILQ_FIRST(usl)) != NULL) {
+ TAILQ_REMOVE(usl, us, entries);
+ free_userspec(us);
+ }
+
+ debug_return;
+}
+
+void
+free_userspec(struct userspec *us)
+{
+ struct privilege *priv;
+ struct sudoers_comment *comment;
+ debug_decl(free_userspec, SUDOERS_DEBUG_PARSER)
+
+ free_members(&us->users);
+ while ((priv = TAILQ_FIRST(&us->privileges)) != NULL) {
+ TAILQ_REMOVE(&us->privileges, priv, entries);
+ free_privilege(priv);
+ }
+ while ((comment = STAILQ_FIRST(&us->comments)) != NULL) {
+ STAILQ_REMOVE_HEAD(&us->comments, entries);
+ free(comment->str);
+ free(comment);
+ }
+ rcstr_delref(us->file);
+ free(us);
+
+ debug_return;
+}
+
+/*
+ * Initialized a sudoers parse tree.
+ */
+void
+init_parse_tree(struct sudoers_parse_tree *parse_tree)
+{
+ TAILQ_INIT(&parse_tree->userspecs);
+ TAILQ_INIT(&parse_tree->defaults);
+ parse_tree->aliases = NULL;
+}
+
+/*
+ * Move the contents of parsed_policy to new_tree.
+ */
+void
+reparent_parse_tree(struct sudoers_parse_tree *new_tree)
+{
+ TAILQ_CONCAT(&new_tree->userspecs, &parsed_policy.userspecs, entries);
+ TAILQ_CONCAT(&new_tree->defaults, &parsed_policy.defaults, entries);
+ new_tree->aliases = parsed_policy.aliases;
+ parsed_policy.aliases = NULL;
+}
+
+/*
+ * Free the contents of a sudoers parse tree and initialize it.
+ */
+void
+free_parse_tree(struct sudoers_parse_tree *parse_tree)
+{
+ free_userspecs(&parse_tree->userspecs);
+ free_defaults(&parse_tree->defaults);
+ free_aliases(parse_tree->aliases);
+ parse_tree->aliases = NULL;
+}
+
+/*
+ * Free up space used by data structures from a previous parser run and sets
+ * the current sudoers file to path.
+ */
+bool
+init_parser(const char *path, bool quiet)
+{
+ bool ret = true;
+ debug_decl(init_parser, SUDOERS_DEBUG_PARSER)
+
+ free_parse_tree(&parsed_policy);
+ init_lexer();
+
+ rcstr_delref(sudoers);
+ if (path != NULL) {
+ if ((sudoers = rcstr_dup(path)) == NULL) {
+ sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+ ret = false;
+ }
+ } else {
+ sudoers = NULL;
+ }
+
+ parse_error = false;
+ errorlineno = -1;
+ rcstr_delref(errorfile);
+ errorfile = NULL;
+ sudoers_warnings = !quiet;
+
+ debug_return_bool(ret);
+}
+
+/*
+ * Initialize all options in a cmndspec.
+ */
+static void
+init_options(struct command_options *opts)
+{
+ opts->notbefore = UNSPEC;
+ opts->notafter = UNSPEC;
+ opts->timeout = UNSPEC;
+#ifdef HAVE_SELINUX
+ opts->role = NULL;
+ opts->type = NULL;
+#endif
+#ifdef HAVE_PRIV_SET
+ opts->privs = NULL;
+ opts->limitprivs = NULL;
+#endif
+}
+#line 1044 "gram.c"
+/* allocate initial stack or double stack size, up to YYMAXDEPTH */
+#if defined(__cplusplus) || defined(__STDC__)
+static int yygrowstack(void)
+#else
+static int yygrowstack()
+#endif
+{
+ unsigned int newsize;
+ long sslen;
+ short *newss;
+ YYSTYPE *newvs;
+
+ if ((newsize = yystacksize) == 0)
+ newsize = YYINITSTACKSIZE;
+ else if (newsize >= YYMAXDEPTH)
+ return -1;
+ else if ((newsize *= 2) > YYMAXDEPTH)
+ newsize = YYMAXDEPTH;
+#ifdef SIZE_MAX
+#define YY_SIZE_MAX SIZE_MAX
+#else
+#ifdef __STDC__
+#define YY_SIZE_MAX 0xffffffffU
+#else
+#define YY_SIZE_MAX (unsigned int)0xffffffff
+#endif
+#endif
+ if (YY_SIZE_MAX / newsize < sizeof *newss)
+ goto bail;
+ sslen = yyssp - yyss;
+ newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
+ (short *)malloc(newsize * sizeof *newss); /* overflow check above */
+ if (newss == NULL)
+ goto bail;
+ yyss = newss;
+ yyssp = newss + sslen;
+ newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
+ (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
+ if (newvs == NULL)
+ goto bail;
+ yyvs = newvs;
+ yyvsp = newvs + sslen;
+ yystacksize = newsize;
+ yysslim = yyss + newsize - 1;
+ return 0;
+bail:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return -1;
+}
+
+#define YYABORT goto yyabort
+#define YYREJECT goto yyabort
+#define YYACCEPT goto yyaccept
+#define YYERROR goto yyerrlab
+int
+#if defined(__cplusplus) || defined(__STDC__)
+yyparse(void)
+#else
+yyparse()
+#endif
+{
+ int yym, yyn, yystate;
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+ const char *yys;
+#else /* !(defined(__cplusplus) || defined(__STDC__)) */
+ char *yys;
+#endif /* !(defined(__cplusplus) || defined(__STDC__)) */
+
+ if ((yys = getenv("YYDEBUG")))
+ {
+ yyn = *yys;
+ if (yyn >= '0' && yyn <= '9')
+ yydebug = yyn - '0';
+ }
+#endif /* YYDEBUG */
+
+ yynerrs = 0;
+ yyerrflag = 0;
+ yychar = (-1);
+
+ if (yyss == NULL && yygrowstack()) goto yyoverflow;
+ yyssp = yyss;
+ yyvsp = yyvs;
+ *yyssp = yystate = 0;
+
+yyloop:
+ if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
+ if (yychar < 0)
+ {
+ if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, reading %d (%s)\n",
+ YYPREFIX, yystate, yychar, yys);
+ }
+#endif
+ }
+ if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, shifting to state %d\n",
+ YYPREFIX, yystate, yytable[yyn]);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate = yytable[yyn];
+ *++yyvsp = yylval;
+ yychar = (-1);
+ if (yyerrflag > 0) --yyerrflag;
+ goto yyloop;
+ }
+ if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+ {
+ yyn = yytable[yyn];
+ goto yyreduce;
+ }
+ if (yyerrflag) goto yyinrecovery;
+#if defined(__GNUC__)
+ goto yynewerror;
+#endif
+yynewerror:
+ yyerror("syntax error");
+#if defined(__GNUC__)
+ goto yyerrlab;
+#endif
+yyerrlab:
+ ++yynerrs;
+yyinrecovery:
+ if (yyerrflag < 3)
+ {
+ yyerrflag = 3;
+ for (;;)
+ {
+ if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, error recovery shifting\
+ to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate = yytable[yyn];
+ *++yyvsp = yylval;
+ goto yyloop;
+ }
+ else
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: error recovery discarding state %d\n",
+ YYPREFIX, *yyssp);
+#endif
+ if (yyssp <= yyss) goto yyabort;
+ --yyssp;
+ --yyvsp;
+ }
+ }
+ }
+ else
+ {
+ if (yychar == 0) goto yyabort;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
+ YYPREFIX, yystate, yychar, yys);
+ }
+#endif
+ yychar = (-1);
+ goto yyloop;
+ }
+yyreduce:
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: state %d, reducing by rule %d (%s)\n",
+ YYPREFIX, yystate, yyn, yyrule[yyn]);
+#endif
+ yym = yylen[yyn];
+ if (yym)
+ yyval = yyvsp[1-yym];
+ else
+ memset(&yyval, 0, sizeof yyval);
+ switch (yyn)
+ {
+case 1:
+#line 176 "gram.y"
+{ ; }
+break;
+case 5:
+#line 184 "gram.y"
+{
+ ;
+ }
+break;
+case 6:
+#line 187 "gram.y"
+{
+ yyerrok;
+ }
+break;
+case 7:
+#line 190 "gram.y"
+{
+ if (!add_userspec(yyvsp[-1].member, yyvsp[0].privilege)) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 8:
+#line 196 "gram.y"
+{
+ ;
+ }
+break;
+case 9:
+#line 199 "gram.y"
+{
+ ;
+ }
+break;
+case 10:
+#line 202 "gram.y"
+{
+ ;
+ }
+break;
+case 11:
+#line 205 "gram.y"
+{
+ ;
+ }
+break;
+case 12:
+#line 208 "gram.y"
+{
+ if (!add_defaults(DEFAULTS, NULL, yyvsp[0].defaults))
+ YYERROR;
+ }
+break;
+case 13:
+#line 212 "gram.y"
+{
+ if (!add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults))
+ YYERROR;
+ }
+break;
+case 14:
+#line 216 "gram.y"
+{
+ if (!add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults))
+ YYERROR;
+ }
+break;
+case 15:
+#line 220 "gram.y"
+{
+ if (!add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults))
+ YYERROR;
+ }
+break;
+case 16:
+#line 224 "gram.y"
+{
+ if (!add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults))
+ YYERROR;
+ }
+break;
+case 18:
+#line 231 "gram.y"
+{
+ HLTQ_CONCAT(yyvsp[-2].defaults, yyvsp[0].defaults, entries);
+ yyval.defaults = yyvsp[-2].defaults;
+ }
+break;
+case 19:
+#line 237 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[0].string, NULL, true);
+ if (yyval.defaults == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 20:
+#line 244 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[0].string, NULL, false);
+ if (yyval.defaults == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 21:
+#line 251 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, true);
+ if (yyval.defaults == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 22:
+#line 258 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
+ if (yyval.defaults == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 23:
+#line 265 "gram.y"
+{
+ yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
+ if (yyval.defaults == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 25:
+#line 275 "gram.y"
+{
+ HLTQ_CONCAT(yyvsp[-2].privilege, yyvsp[0].privilege, entries);
+ yyval.privilege = yyvsp[-2].privilege;
+ }
+break;
+case 26:
+#line 281 "gram.y"
+{
+ struct privilege *p = calloc(1, sizeof(*p));
+ if (p == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ TAILQ_INIT(&p->defaults);
+ HLTQ_TO_TAILQ(&p->hostlist, yyvsp[-2].member, entries);
+ HLTQ_TO_TAILQ(&p->cmndlist, yyvsp[0].cmndspec, entries);
+ HLTQ_INIT(p, entries);
+ yyval.privilege = p;
+ }
+break;
+case 27:
+#line 295 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = false;
+ }
+break;
+case 28:
+#line 299 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = true;
+ }
+break;
+case 29:
+#line 305 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 30:
+#line 312 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 31:
+#line 319 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, NETGROUP);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 32:
+#line 326 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, NTWKADDR);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 33:
+#line 333 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, WORD);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 35:
+#line 343 "gram.y"
+{
+ struct cmndspec *prev;
+ prev = HLTQ_LAST(yyvsp[-2].cmndspec, cmndspec, entries);
+ HLTQ_CONCAT(yyvsp[-2].cmndspec, yyvsp[0].cmndspec, entries);
+#ifdef HAVE_SELINUX
+ /* propagate role and type */
+ if (yyvsp[0].cmndspec->role == NULL && yyvsp[0].cmndspec->type == NULL) {
+ yyvsp[0].cmndspec->role = prev->role;
+ yyvsp[0].cmndspec->type = prev->type;
+ }
+#endif /* HAVE_SELINUX */
+#ifdef HAVE_PRIV_SET
+ /* propagate privs & limitprivs */
+ if (yyvsp[0].cmndspec->privs == NULL && yyvsp[0].cmndspec->limitprivs == NULL) {
+ yyvsp[0].cmndspec->privs = prev->privs;
+ yyvsp[0].cmndspec->limitprivs = prev->limitprivs;
+ }
+#endif /* HAVE_PRIV_SET */
+ /* propagate command time restrictions */
+ if (yyvsp[0].cmndspec->notbefore == UNSPEC)
+ yyvsp[0].cmndspec->notbefore = prev->notbefore;
+ if (yyvsp[0].cmndspec->notafter == UNSPEC)
+ yyvsp[0].cmndspec->notafter = prev->notafter;
+ /* propagate command timeout */
+ if (yyvsp[0].cmndspec->timeout == UNSPEC)
+ yyvsp[0].cmndspec->timeout = prev->timeout;
+ /* propagate tags and runas list */
+ if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
+ yyvsp[0].cmndspec->tags.nopasswd = prev->tags.nopasswd;
+ if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
+ yyvsp[0].cmndspec->tags.noexec = prev->tags.noexec;
+ if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
+ prev->tags.setenv != IMPLIED)
+ yyvsp[0].cmndspec->tags.setenv = prev->tags.setenv;
+ if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
+ yyvsp[0].cmndspec->tags.log_input = prev->tags.log_input;
+ if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
+ yyvsp[0].cmndspec->tags.log_output = prev->tags.log_output;
+ if (yyvsp[0].cmndspec->tags.send_mail == UNSPEC)
+ yyvsp[0].cmndspec->tags.send_mail = prev->tags.send_mail;
+ if (yyvsp[0].cmndspec->tags.follow == UNSPEC)
+ yyvsp[0].cmndspec->tags.follow = prev->tags.follow;
+ if ((yyvsp[0].cmndspec->runasuserlist == NULL &&
+ yyvsp[0].cmndspec->runasgrouplist == NULL) &&
+ (prev->runasuserlist != NULL ||
+ prev->runasgrouplist != NULL)) {
+ yyvsp[0].cmndspec->runasuserlist = prev->runasuserlist;
+ yyvsp[0].cmndspec->runasgrouplist = prev->runasgrouplist;
+ }
+ yyval.cmndspec = yyvsp[-2].cmndspec;
+ }
+break;
+case 36:
+#line 396 "gram.y"
+{
+ struct cmndspec *cs = calloc(1, sizeof(*cs));
+ if (cs == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ if (yyvsp[-3].runas != NULL) {
+ if (yyvsp[-3].runas->runasusers != NULL) {
+ cs->runasuserlist =
+ malloc(sizeof(*cs->runasuserlist));
+ if (cs->runasuserlist == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ HLTQ_TO_TAILQ(cs->runasuserlist,
+ yyvsp[-3].runas->runasusers, entries);
+ }
+ if (yyvsp[-3].runas->runasgroups != NULL) {
+ cs->runasgrouplist =
+ malloc(sizeof(*cs->runasgrouplist));
+ if (cs->runasgrouplist == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ HLTQ_TO_TAILQ(cs->runasgrouplist,
+ yyvsp[-3].runas->runasgroups, entries);
+ }
+ free(yyvsp[-3].runas);
+ }
+#ifdef HAVE_SELINUX
+ cs->role = yyvsp[-2].options.role;
+ cs->type = yyvsp[-2].options.type;
+#endif
+#ifdef HAVE_PRIV_SET
+ cs->privs = yyvsp[-2].options.privs;
+ cs->limitprivs = yyvsp[-2].options.limitprivs;
+#endif
+ cs->notbefore = yyvsp[-2].options.notbefore;
+ cs->notafter = yyvsp[-2].options.notafter;
+ cs->timeout = yyvsp[-2].options.timeout;
+ cs->tags = yyvsp[-1].tag;
+ cs->cmnd = yyvsp[0].member;
+ HLTQ_INIT(cs, entries);
+ /* sudo "ALL" implies the SETENV tag */
+ if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
+ cs->tags.setenv == UNSPEC)
+ cs->tags.setenv = IMPLIED;
+ yyval.cmndspec = cs;
+ }
+break;
+case 37:
+#line 447 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA224, yyvsp[0].string);
+ if (yyval.digest == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 38:
+#line 454 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA256, yyvsp[0].string);
+ if (yyval.digest == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 39:
+#line 461 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA384, yyvsp[0].string);
+ if (yyval.digest == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 40:
+#line 468 "gram.y"
+{
+ yyval.digest = new_digest(SUDO_DIGEST_SHA512, yyvsp[0].string);
+ if (yyval.digest == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 41:
+#line 477 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ }
+break;
+case 42:
+#line 480 "gram.y"
+{
+ if (yyvsp[0].member->type != COMMAND) {
+ sudoerserror(N_("a digest requires a path name"));
+ YYERROR;
+ }
+ /* XXX - yuck */
+ ((struct sudo_command *) yyvsp[0].member->name)->digest = yyvsp[-1].digest;
+ yyval.member = yyvsp[0].member;
+ }
+break;
+case 43:
+#line 491 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = false;
+ }
+break;
+case 44:
+#line 495 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = true;
+ }
+break;
+case 45:
+#line 501 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 46:
+#line 506 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 47:
+#line 510 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 48:
+#line 515 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 49:
+#line 520 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 50:
+#line 525 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 51:
+#line 529 "gram.y"
+{
+ yyval.string = yyvsp[0].string;
+ }
+break;
+case 52:
+#line 534 "gram.y"
+{
+ yyval.runas = NULL;
+ }
+break;
+case 53:
+#line 537 "gram.y"
+{
+ yyval.runas = yyvsp[-1].runas;
+ }
+break;
+case 54:
+#line 542 "gram.y"
+{
+ yyval.runas = calloc(1, sizeof(struct runascontainer));
+ if (yyval.runas != NULL) {
+ yyval.runas->runasusers = new_member(NULL, MYSELF);
+ /* $$->runasgroups = NULL; */
+ if (yyval.runas->runasusers == NULL) {
+ free(yyval.runas);
+ yyval.runas = NULL;
+ }
+ }
+ if (yyval.runas == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 55:
+#line 557 "gram.y"
+{
+ yyval.runas = calloc(1, sizeof(struct runascontainer));
+ if (yyval.runas == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ yyval.runas->runasusers = yyvsp[0].member;
+ /* $$->runasgroups = NULL; */
+ }
+break;
+case 56:
+#line 566 "gram.y"
+{
+ yyval.runas = calloc(1, sizeof(struct runascontainer));
+ if (yyval.runas == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ yyval.runas->runasusers = yyvsp[-2].member;
+ yyval.runas->runasgroups = yyvsp[0].member;
+ }
+break;
+case 57:
+#line 575 "gram.y"
+{
+ yyval.runas = calloc(1, sizeof(struct runascontainer));
+ if (yyval.runas == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ /* $$->runasusers = NULL; */
+ yyval.runas->runasgroups = yyvsp[0].member;
+ }
+break;
+case 58:
+#line 584 "gram.y"
+{
+ yyval.runas = calloc(1, sizeof(struct runascontainer));
+ if (yyval.runas != NULL) {
+ yyval.runas->runasusers = new_member(NULL, MYSELF);
+ /* $$->runasgroups = NULL; */
+ if (yyval.runas->runasusers == NULL) {
+ free(yyval.runas);
+ yyval.runas = NULL;
+ }
+ }
+ if (yyval.runas == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 59:
+#line 601 "gram.y"
+{
+ init_options(&yyval.options);
+ }
+break;
+case 60:
+#line 604 "gram.y"
+{
+ yyval.options.notbefore = parse_gentime(yyvsp[0].string);
+ free(yyvsp[0].string);
+ if (yyval.options.notbefore == -1) {
+ sudoerserror(N_("invalid notbefore value"));
+ YYERROR;
+ }
+ }
+break;
+case 61:
+#line 612 "gram.y"
+{
+ yyval.options.notafter = parse_gentime(yyvsp[0].string);
+ free(yyvsp[0].string);
+ if (yyval.options.notafter == -1) {
+ sudoerserror(N_("invalid notafter value"));
+ YYERROR;
+ }
+ }
+break;
+case 62:
+#line 620 "gram.y"
+{
+ yyval.options.timeout = parse_timeout(yyvsp[0].string);
+ free(yyvsp[0].string);
+ if (yyval.options.timeout == -1) {
+ if (errno == ERANGE)
+ sudoerserror(N_("timeout value too large"));
+ else
+ sudoerserror(N_("invalid timeout value"));
+ YYERROR;
+ }
+ }
+break;
+case 63:
+#line 631 "gram.y"
+{
+#ifdef HAVE_SELINUX
+ free(yyval.options.role);
+ yyval.options.role = yyvsp[0].string;
+#endif
+ }
+break;
+case 64:
+#line 637 "gram.y"
+{
+#ifdef HAVE_SELINUX
+ free(yyval.options.type);
+ yyval.options.type = yyvsp[0].string;
+#endif
+ }
+break;
+case 65:
+#line 643 "gram.y"
+{
+#ifdef HAVE_PRIV_SET
+ free(yyval.options.privs);
+ yyval.options.privs = yyvsp[0].string;
+#endif
+ }
+break;
+case 66:
+#line 649 "gram.y"
+{
+#ifdef HAVE_PRIV_SET
+ free(yyval.options.limitprivs);
+ yyval.options.limitprivs = yyvsp[0].string;
+#endif
+ }
+break;
+case 67:
+#line 657 "gram.y"
+{
+ TAGS_INIT(yyval.tag);
+ }
+break;
+case 68:
+#line 660 "gram.y"
+{
+ yyval.tag.nopasswd = true;
+ }
+break;
+case 69:
+#line 663 "gram.y"
+{
+ yyval.tag.nopasswd = false;
+ }
+break;
+case 70:
+#line 666 "gram.y"
+{
+ yyval.tag.noexec = true;
+ }
+break;
+case 71:
+#line 669 "gram.y"
+{
+ yyval.tag.noexec = false;
+ }
+break;
+case 72:
+#line 672 "gram.y"
+{
+ yyval.tag.setenv = true;
+ }
+break;
+case 73:
+#line 675 "gram.y"
+{
+ yyval.tag.setenv = false;
+ }
+break;
+case 74:
+#line 678 "gram.y"
+{
+ yyval.tag.log_input = true;
+ }
+break;
+case 75:
+#line 681 "gram.y"
+{
+ yyval.tag.log_input = false;
+ }
+break;
+case 76:
+#line 684 "gram.y"
+{
+ yyval.tag.log_output = true;
+ }
+break;
+case 77:
+#line 687 "gram.y"
+{
+ yyval.tag.log_output = false;
+ }
+break;
+case 78:
+#line 690 "gram.y"
+{
+ yyval.tag.follow = true;
+ }
+break;
+case 79:
+#line 693 "gram.y"
+{
+ yyval.tag.follow = false;
+ }
+break;
+case 80:
+#line 696 "gram.y"
+{
+ yyval.tag.send_mail = true;
+ }
+break;
+case 81:
+#line 699 "gram.y"
+{
+ yyval.tag.send_mail = false;
+ }
+break;
+case 82:
+#line 704 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 83:
+#line 711 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 84:
+#line 718 "gram.y"
+{
+ struct sudo_command *c = calloc(1, sizeof(*c));
+ if (c == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ c->cmnd = yyvsp[0].command.cmnd;
+ c->args = yyvsp[0].command.args;
+ yyval.member = new_member((char *)c, COMMAND);
+ if (yyval.member == NULL) {
+ free(c);
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 87:
+#line 739 "gram.y"
+{
+ const char *s;
+ s = alias_add(&parsed_policy, yyvsp[-2].string, HOSTALIAS,
+ sudoers, this_lineno, yyvsp[0].member);
+ if (s != NULL) {
+ sudoerserror(s);
+ YYERROR;
+ }
+ }
+break;
+case 89:
+#line 751 "gram.y"
+{
+ HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 92:
+#line 761 "gram.y"
+{
+ const char *s;
+ s = alias_add(&parsed_policy, yyvsp[-2].string, CMNDALIAS,
+ sudoers, this_lineno, yyvsp[0].member);
+ if (s != NULL) {
+ sudoerserror(s);
+ YYERROR;
+ }
+ }
+break;
+case 94:
+#line 773 "gram.y"
+{
+ HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 97:
+#line 783 "gram.y"
+{
+ const char *s;
+ s = alias_add(&parsed_policy, yyvsp[-2].string, RUNASALIAS,
+ sudoers, this_lineno, yyvsp[0].member);
+ if (s != NULL) {
+ sudoerserror(s);
+ YYERROR;
+ }
+ }
+break;
+case 100:
+#line 798 "gram.y"
+{
+ const char *s;
+ s = alias_add(&parsed_policy, yyvsp[-2].string, USERALIAS,
+ sudoers, this_lineno, yyvsp[0].member);
+ if (s != NULL) {
+ sudoerserror(s);
+ YYERROR;
+ }
+ }
+break;
+case 102:
+#line 810 "gram.y"
+{
+ HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 103:
+#line 816 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = false;
+ }
+break;
+case 104:
+#line 820 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = true;
+ }
+break;
+case 105:
+#line 826 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 106:
+#line 833 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 107:
+#line 840 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, NETGROUP);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 108:
+#line 847 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, USERGROUP);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 109:
+#line 854 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, WORD);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 111:
+#line 864 "gram.y"
+{
+ HLTQ_CONCAT(yyvsp[-2].member, yyvsp[0].member, entries);
+ yyval.member = yyvsp[-2].member;
+ }
+break;
+case 112:
+#line 870 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = false;
+ }
+break;
+case 113:
+#line 874 "gram.y"
+{
+ yyval.member = yyvsp[0].member;
+ yyval.member->negated = true;
+ }
+break;
+case 114:
+#line 880 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, ALIAS);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 115:
+#line 887 "gram.y"
+{
+ yyval.member = new_member(NULL, ALL);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+case 116:
+#line 894 "gram.y"
+{
+ yyval.member = new_member(yyvsp[0].string, WORD);
+ if (yyval.member == NULL) {
+ sudoerserror(N_("unable to allocate memory"));
+ YYERROR;
+ }
+ }
+break;
+#line 2173 "gram.c"
+ }
+ yyssp -= yym;
+ yystate = *yyssp;
+ yyvsp -= yym;
+ yym = yylhs[yyn];
+ if (yystate == 0 && yym == 0)
+ {
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: after reduction, shifting from state 0 to\
+ state %d\n", YYPREFIX, YYFINAL);
+#endif
+ yystate = YYFINAL;
+ *++yyssp = YYFINAL;
+ *++yyvsp = yyval;
+ if (yychar < 0)
+ {
+ if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+ if (yydebug)
+ {
+ yys = 0;
+ if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+ if (!yys) yys = "illegal-symbol";
+ printf("%sdebug: state %d, reading %d (%s)\n",
+ YYPREFIX, YYFINAL, yychar, yys);
+ }
+#endif
+ }
+ if (yychar == 0) goto yyaccept;
+ goto yyloop;
+ }
+ if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
+ yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+ yystate = yytable[yyn];
+ else
+ yystate = yydgoto[yym];
+#if YYDEBUG
+ if (yydebug)
+ printf("%sdebug: after reduction, shifting from state %d \
+to state %d\n", YYPREFIX, *yyssp, yystate);
+#endif
+ if (yyssp >= yysslim && yygrowstack())
+ {
+ goto yyoverflow;
+ }
+ *++yyssp = yystate;
+ *++yyvsp = yyval;
+ goto yyloop;
+yyoverflow:
+ yyerror("yacc stack overflow");
+yyabort:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return (1);
+yyaccept:
+ if (yyss)
+ free(yyss);
+ if (yyvs)
+ free(yyvs);
+ yyss = yyssp = NULL;
+ yyvs = yyvsp = NULL;
+ yystacksize = 0;
+ return (0);
+}